review
Pass
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill provides a surface for indirect prompt injection by ingesting and processing untrusted data from external sources.
- Ingestion points: The agent is instructed to read pull request descriptions, linked issues, and the full content of changed files fetched via CLI (SKILL.md).
- Boundary markers: Absent. The skill does not provide any instructions or delimiters to help the agent distinguish its core instructions from potentially malicious instructions embedded within the reviewed code or descriptions.
- Capability inventory: The skill utilizes git and platform-specific CLIs to read file contents and metadata, and it has the capability to submit review comments back to the hosting platform.
- Sanitization: Absent. There is no logic specified to sanitize, validate, or escape the content of the PR or the code changes before the agent processes them.
Audit Metadata